Fiverr Clone Script SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Fiverr Clone Script version 1.2.2. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Exploitation of this vulnerability could lead to the extraction of sensitive database information or unauthorized modification of database contents.
Impact
Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could result in unauthorized data access, data manipulation, or potentially executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a request to the application with the 'page' parameter. Inject malicious SQL syntax, such as 'OR 1=1', to manipulate the database query. The injection can be verified by observing unexpected application behavior, such as unauthorized data being displayed or modified.
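The usual remediation for this class of flaw is to validate 'page' as an integer and bind it as a query parameter. The following is an added example, not code from Fiverr Clone Script or from this advisory. It assumes 'page' reaches a numeric comparison in a WHERE clause, which the advisory does not specify, and the `listings` table, its rows and all function names are constructed for illustration.

```python
import re
import sqlite3

PAGE_RE = re.compile(r"[0-9]{1,6}")  # ASCII digits only, bounded length


def make_db():
    """Constructed in-memory data standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE listings (page INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO listings VALUES (?, ?)",
        [(1, "logo design"), (1, "voice over"),
         (2, "translation"), (3, "unpublished draft")],
    )
    return conn


def titles_vulnerable(conn, page):
    # Request value concatenated into the statement: the pattern the
    # advisory describes. The input becomes part of the SQL grammar.
    sql = "SELECT title FROM listings WHERE page = " + page
    return [row[0] for row in conn.execute(sql)]


def parse_page(raw):
    """Accept only a small positive integer; reject everything else."""
    if not isinstance(raw, str) or not PAGE_RE.fullmatch(raw):
        raise ValueError("page must be a positive integer")
    value = int(raw)
    if value < 1:
        raise ValueError("page must be a positive integer")
    return value


def titles_hardened(conn, raw_page):
    # Validate first, then bind the value as a parameter, so the SQL
    # text never contains request data.
    page = parse_page(raw_page)
    rows = conn.execute(
        "SELECT title FROM listings WHERE page = ? ORDER BY title", (page,)
    )
    return [row[0] for row in rows]
```

With the constructed data, the concatenated query returns every row when the value contains `OR 1=1`, while the hardened function rejects the same value before any query runs.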
